acl_check(3) — Linux manual page


ACL_CHECK(3)          BSD Library Functions Manual          ACL_CHECK(3)

NAME         top

     acl_check — check an ACL for validity

LIBRARY         top

     Linux Access Control Lists library (libacl, -lacl).

SYNOPSIS         top

     #include <sys/types.h>
     #include <acl/libacl.h>

     acl_check(acl_t acl, int *last);

DESCRIPTION         top

     The acl_check() function checks the ACL referred to by the argument
     acl for validity.

     The three required entries ACL_USER_OBJ, ACL_GROUP_OBJ, and
     ACL_OTHER must exist exactly once in the ACL. If the ACL contains
     any ACL_USER or ACL_GROUP entries, then an ACL_MASK entry is also
     required. The ACL may contain at most one ACL_MASK entry.

     The user identifiers must be unique among all entries of type
     ACL_USER.  The group identifiers must be unique among all entries
     of type ACL_GROUP.

     If the ACL referred to by acl is invalid, acl_check() returns a
     positive error code that indicates which type of error was
     detected.  The following symbolic error codes are defined:

     ACL_MULTI_ERROR       The ACL contains multiple entries that have a
                           tag type that may occur at most once.

     ACL_DUPLICATE_ERROR   The ACL contains multiple ACL_USER entries
                           with the same user ID, or multiple ACL_GROUP
                           entries with the same group ID.

     ACL_MISS_ERROR        A required entry is missing.

     ACL_ENTRY_ERROR       The ACL contains an invalid entry tag type.

     The acl_error() function can be used to translate error codes to
     text messages.

     In addition, if the pointer last is not NULL, acl_check() assigns
     the number of the ACL entry at which the error was detected to the
     value pointed to by last.  Entries are numbered starting with zero,
     in the order in which they would be returned by the acl_get_entry()

RETURN VALUE         top

     If successful, the acl_check() function returns 0 if the ACL
     referred to by acl is valid, and a positive error code if the ACL
     is invalid. Otherwise, a value of -1 is returned and the global
     variable errno is set to indicate the error.

ERRORS         top

     If any of the following conditions occur, the acl_check() function
     returns -1 and sets errno to the corresponding value:

     [EINVAL]           The argument acl is not a valid pointer to an

STANDARDS         top

     This is a non-portable, Linux specific extension to the ACL
     manipulation functions defined in IEEE Std 1003.1e draft 17
     (“POSIX.1e”, abandoned).

SEE ALSO         top

     acl_valid(3), acl(5)

AUTHOR         top

     Written by Andreas Gruenbacher <>.

COLOPHON         top

     This page is part of the acl (manipulating access control lists)
     project.  Information about the project can be found at  If you have a bug report
     for this manual page, see
     ⟨⟩.  This page was
     obtained from the project's upstream Git repository
     ⟨git://⟩ on 2021-08-27.  (At that
     time, the date of the most recent commit that was found in the
     repository was 2021-03-16.)  If you discover any rendering problems
     in this HTML version of the page, or you believe there is a better
     or more up-to-date source for the page, or you have corrections or
     improvements to the information in this COLOPHON (which is not part
     of the original manual page), send a mail to

Linux ACL                    March 23, 2002                    Linux ACL